| Name | 4837f7e1f1565ff6_jquery-1.10.1.min[1].js |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\jquery-1.10.1.min[1].js |
| Size | 90.9KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 33d85132f0154466fc017dd05111873d |
| SHA1 | 161b78ec52f28657a835e4a5423f03782fd35806 |
| SHA256 | 4837f7e1f1565ff667528cd75c41f401e07e229de1bd1b232f0a7a40d4c46f79 |
| CRC32 | 577F0657 |
| ssdeep | 1536:84TCgi8RzmZFX38J+L0kJQsYb+5k/QRZdC/RtfDwnv+p0WzH/IoSE7qABZnu0sFv:84AkTtU2p0WPSIDrstfam |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 502f9fba9bba2ca5_cookies.txt |
|---|---|
| Filepath | c:\program files (x86)\winthruster\cookies.txt |
| Size | 104.0B |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | bf6c156441320d21440afc65a6bcf77d |
| SHA1 | b04bb3fa963147218ef2c79e96a5a3e1d899e94d |
| SHA256 | 502f9fba9bba2ca5f57a3a0ea7efcee4731c98dcd2ea0fcec21059b11ddbf352 |
| CRC32 | 9B7B9D33 |
| ssdeep | 3:dIEWKKBnCpvTOvDxRVlDEKTkgn:tWKKBnCvTObvVBEKTb |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 34110862a2729b61_e2xjcace.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\E2XJCACE.txt |
| Size | 219.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | 8a3c6e4bbf3cc4cb526fd3706a7bfa40 |
| SHA1 | a4eb3fd8aa1dbc882452f0f361cdf7682413bbd7 |
| SHA256 | 34110862a2729b61cc09c3b98c30695618618c68e7bae8463d303e1b3139135c |
| CRC32 | A50191D8 |
| ssdeep | 6:Q5a4bEKXMXthnwilJKkEzNVjLGXF/LDJqE6GXMTVsUDeaXrPiv:QEKXMXtVwiuFWXtDoyXMTVsuTDiv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0df2b6708f4fdf8c_sqlite3.dll |
|---|---|
| Filepath | c:\program files (x86)\winthruster\sqlite3.dll |
| Size | 1.0MB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
| MD5 | fc1589823d2c9dcd63dbeb829db3621b |
| SHA1 | bf097395aae5f0f330f2a4dbc0aab25c2c06aa80 |
| SHA256 | 0df2b6708f4fdf8c040129198c54e1b20fc419e774e0cb06412dcfb65e2a2f51 |
| CRC32 | 4A6B0AA6 |
| ssdeep | 24576:ERwXVREXm6CX7FgiX+y3sxroF/Ktlne05qj2:amTXhznqroFYln |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 9ded2d3afb73fb0b_swedish.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\swedish.ini |
| Size | 74.1KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | f05e6a104b34caed1164afe677136ec3 |
| SHA1 | d1ea1a2aa7219d7e4e23df41e5c0fb2378fdfce9 |
| SHA256 | 9ded2d3afb73fb0b7ac04eda26519b1e7c087577cdc2d52f7d663ca2d8ae940a |
| CRC32 | 54A05760 |
| ssdeep | 1536:it1GzWB9JayP2bmVBe8qb5/hQz8fd0flCbMm:od9Jao2bmVeXyYYm |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 058ed961bfe422af_ec[1].js |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\ec[1].js |
| Size | 2.7KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 7b430c6350a59a7cf22b9adeccba327b |
| SHA1 | b48d3c289bcb6809bb52fffd8f013055ed6bcd65 |
| SHA256 | 058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c |
| CRC32 | 1017F29F |
| ssdeep | 48:XFZp/sZ3lYQc7ArfSM3eIubF1QkNsKclMtPp/7qgAsFte6NPvD9T5AyNBK:1f/6lGUrff3eFLhNs+G6hb9xK |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8edf153bbd7f8809_bullet-clock[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\bullet-clock[1].png |
| Size | 1.6KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced |
| MD5 | 0a9f9468a1fe4157f3fd2bd2602c118c |
| SHA1 | 0c95a6330e3970aea7f387a7bcc6f7c263529091 |
| SHA256 | 8edf153bbd7f8809231f5da3716f980bd9be90b80a0c59c0c75911c26ebba577 |
| CRC32 | 1F79D1FB |
| ssdeep | 48:qqQvnLrP1scJJ3JUdPohM6bRcsdnf18rygBKnsc:jQpZ4QG6d9hWrJBKnsc |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 776bd7578036ca0a_icon-mail[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\icon-mail[1].png |
| Size | 321.0B |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 25 x 15, 8-bit colormap, non-interlaced |
| MD5 | a71ab656fa33d48729ca658ce1fa89d5 |
| SHA1 | f7d39474cee1adb481747a15d0f9802eb8d2fb93 |
| SHA256 | 776bd7578036ca0a54f2dbb97e53b0df6dad7743141db8a4bbb0c59ae04af560 |
| CRC32 | 8579D4E0 |
| ssdeep | 6:6v/lhPJXnYG+/iFY6e+s3JyBZXrbi/6wP2q0tZ7Nf7c/aPVp0alGp:6v/7RIGhY6zWJqhL+2rtZ7ywVLlk |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 9447ae36d6c78575_wtnotifications.exe |
|---|---|
| Filepath | c:\program files (x86)\winthruster\wtnotifications.exe |
| Size | 4.3MB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 45c3121df51b230fd6cbdd90f2fb3f76 |
| SHA1 | c7a5d1984bae4c767f9a0f475d261e21fae93e99 |
| SHA256 | 9447ae36d6c7857526dd270bb9ed3fbfa1b96d341fad0baceec124752eaf3fcc |
| CRC32 | 31CA8560 |
| ssdeep | 49152:hykNVT1oTz2SCcp4UNRw+yDrb69U8WXvO3cEFW5T0pAj+CdqzXF6huyahSO:hNvTfUo+yDrbsU8WgcEFWyI+Cwpd/ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 53d1289666459674_api[1].js |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\api[1].js |
| Size | 12.6KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 77231a402c0785dd1af7dad4fcbf5066 |
| SHA1 | 931c3fd97e666559fdecfac975ede941e61af6f3 |
| SHA256 | 53d12896664596744feb6e081837d334e27fe62e591d850f8fad664061225211 |
| CRC32 | AACE34EF |
| ssdeep | 192:eehA3eSj+uVpGWJKOzWe17f69gUKUtCwm5M6+SczlM5:eyAOwGsWe17f627BwmL+ScxS |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 152195d7e8123ea3_schedtasks.txt |
|---|---|
| Filepath | c:\program files (x86)\winthruster\schedtasks.txt |
| Size | 6.4KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 4a4daea75b2721a97788a7601b36d2ed |
| SHA1 | 04378a2ec2ab466e0b1e9accad4d8412fe1cb947 |
| SHA256 | 152195d7e8123ea38ca85b0d70d59d1dfdc3ec0bb3d6312c889d67795f0f5caa |
| CRC32 | BC7BA515 |
| ssdeep | 192:iPHHfnYHvvC2bKUdsjMXYWUSmexdNYzjsMc:iPf2vC2JUfexdN/ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 051f4347338e72f3_ie9styles[1].css |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\IE9styles[1].css |
| Size | 178.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | f7bfc32beee6f089650cbe52c9e7a314 |
| SHA1 | 9f9b8b3904d9d311bcdd1f10fffb2645753eb4a8 |
| SHA256 | 051f4347338e72f36e43ed737725f306d283ea286ad798e80247d1efb4d32cba |
| CRC32 | BD1B5A93 |
| ssdeep | 3:5RFkjGm2iSlAvSFGZFvLFRNga5AXUXFRS9WlVtFSYRSQELRMRwpBZrVhVbJ5DRfv:PUm0B7vLFca53blV+fQyMRw1xNH |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4a3398b00e10eccc_PGGLLVNR.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\PGGLLVNR.txt |
| Size | 937.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 032879fe22c4c364767197e963af3433 |
| SHA1 | 962566a915295fc2cdfba1ccded116628389434f |
| SHA256 | 4a3398b00e10eccc6f5d40f583b4d0f9d5714f07159a8cca3725a038699e45ca |
| CRC32 | E8E743C0 |
| ssdeep | 24:8VD1f40JF3bgiB/8apeuNHYpl1pLlkES2ZRJwC/v:O13P3bXB8KecHGHpLlkE3XJwKv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2722c28c4fd67db7_italian.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\italian.ini |
| Size | 78.1KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | 3eba012b4acfca4058f8258ce5824a83 |
| SHA1 | d474b0817269888caf77276bc5feda14c6fba64a |
| SHA256 | 2722c28c4fd67db7f1c53d8c20a5f375917a6dd3885915104814b500bd29aaa0 |
| CRC32 | 8D77070F |
| ssdeep | 1536:9QBCOWpHHAlBvCfqvoSEbDLTkopx0CvpYHYuOvP8VpqtZEzSE8AbTpT8:9QBCOWepCfqvpEbDLTkojnRYtKspqtiu |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3f15aa9643b732b3_882vouxn.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\882VOUXN.txt |
| Size | 245.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | a5d967a48fd89d800bf709a59d6dadda |
| SHA1 | c6f0ab1299bf69ea51c6c808c495841c515c8638 |
| SHA256 | 3f15aa9643b732b3791ad66abf1d1f4f493804ee505c36c0d47cde6a6363df1b |
| CRC32 | 35F619B4 |
| ssdeep | 6:sz5It3PvjgCmBDxaAjntrUGXPGdBIyPEEKUOCUvaztbmiv:sIPvjn2Dxawnt3PTDEKR5vaRaiv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b7e8ee959447b563_bullet-tools[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\bullet-tools[1].png |
| Size | 1.6KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced |
| MD5 | 59add26e85071ab9dd6db795b121b62f |
| SHA1 | 75f2e114ca7c654806a687d5a70e1a7c47588cea |
| SHA256 | b7e8ee959447b563c1c7a35a6274669636d8b91226986d89c1284f48334a3ccc |
| CRC32 | 1A8D149D |
| ssdeep | 24:k1he91Wwh82lYSKk3jzGPVcrcT3ohyJ3VOgG4WeHK+CQaoHcYcZMm+MhsuV9:qqQvnLZP6rcJJ3JbWeRCQaYcYcZMm+O7 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | bf4009603d5531a1_gtm[1].js |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\gtm[1].js |
| Size | 130.8KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 0b2f344bbfe0901ca2e078259ac7f089 |
| SHA1 | 70d24172c0f9f8fc934e7d74643eff77d345f044 |
| SHA256 | bf4009603d5531a13af597ff6b15906dbed6632a14c913986754d8450e15b597 |
| CRC32 | 618AF768 |
| ssdeep | 1536:aNz7knEa8tg0zMbWd3gQsHgxf8b0apGaS1NyyOhMJ0ahCdtT199RAkFAY14ZJIC1:UkEck3gQ4gxkb0AGmMaahg36bKUr9x |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5521b2c8f81b1f54_services1.txt |
|---|---|
| Filepath | c:\program files (x86)\winthruster\services1.txt |
| Size | 3.3KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 66dbac17c1f42c56820a7f646fa17775 |
| SHA1 | c2f57bdca72d8892a0b4fa0c818a08d9b681d1bd |
| SHA256 | 5521b2c8f81b1f540f464f69d05b7662935917238c2ab424f091273833b06fa6 |
| CRC32 | 5636A6BC |
| ssdeep | 96:zXOa/Ty2JCNSwdT4BaA+Gm8Rfcyz0U+fs1qV:zXOaBJCIwdTA+GQK0U+fs1+ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 61ea387aa104d550_mobile[1].css |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\mobile[1].css |
| Size | 6.0KB |
| Processes | 2436 (iexplore.exe) |
| Type | assembler source, ASCII text |
| MD5 | 874af21836b8ce61bb76ccbd196eccb3 |
| SHA1 | 1468ead6c984a9d2754b0d17a3edb5d87be55e7f |
| SHA256 | 61ea387aa104d550f9a9d77e82021abdf911f3d1b4b3b59c81afec583dfc6add |
| CRC32 | 80462581 |
| ssdeep | 96:1SqXQw5IKeIH6vCkXbi4FdqGeGVFXQw9KsVHHZ1MfyETrZtsbbiUIrTqDFvXk:0qXlWKZH6vpdqGeOFXl9K+kf1qDFfk |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fb093590c8830784_brazilian.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\brazilian.ini |
| Size | 79.2KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | ae033a6a0ccee93c63d90694010d0bdf |
| SHA1 | 47da037b82ad769ec0dffc92300d5510359c0241 |
| SHA256 | fb093590c8830784072995efb64527bf0e0b01385b6f9ab4d6e35bcd04210986 |
| CRC32 | 077B0F6E |
| ssdeep | 1536:bDY05yc/yoMArWgTNxe2Bb7JhIoLbyMX4ceE0uLFt2OADDuQ:/YcXbve2Bb7JhIoL2M4cNbTA3x |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 92fca55833f48b42_linkid[1].js |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\linkid[1].js |
| Size | 1.5KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 0cc3a63fe10060af4a349e5df666eefe |
| SHA1 | 3e8d3925b550345123f2cab26568221fd4154f9c |
| SHA256 | 92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54 |
| CRC32 | 6A42CEA6 |
| ssdeep | 48:Xpm6RFvCzWzAiWqSeTqn1PByqka1cUj54/vD978:5pfpy1Pkqka1cS52b978 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3baa7dada83f8b97_K7VX4N14.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\K7VX4N14.txt |
| Size | 729.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 5049bceabe428aa688e277e4a5ebe937 |
| SHA1 | 509f7aaccf55fed279054cd17a477fec5b807fd8 |
| SHA256 | 3baa7dada83f8b9743bd865c24a6a6e1c116f7b5f88761f78230e796010a9e11 |
| CRC32 | AD073999 |
| ssdeep | 12:NqS5QDU5dyBu/+F411eGRcpUMQA/q/qMK8akYbbS5+Pqc4+LZxrPOXMXhLlWXMTV:8VD9sGi11PLMREah9q5+PnLPThLlkEv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 321f9669803fa9e2_UKHDPQ0K.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\UKHDPQ0K.txt |
| Size | 80.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | d2d238ff92a9d2a0b0e9a768e89d1217 |
| SHA1 | 79cbb8b7540e646a5e292bdff1a1f08d99611cbb |
| SHA256 | 321f9669803fa9e2ce698e69c1a6bdfd6bac940e1a6126ac4c1c21abad47e367 |
| CRC32 | EB10A89C |
| ssdeep | 3:Q5aXIbELgN4GMQ2IovgRLIeVjvn:Q5a4bEKXMXWVjv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 11c8b6dbd67ab9c4_logo-microsoft[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\logo-microsoft[1].png |
| Size | 4.1KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 106 x 63, 8-bit/color RGBA, non-interlaced |
| MD5 | c044dc3cc00d1b97c81f6d454b97b961 |
| SHA1 | 8d62e0ad00adb37d846a0d8f9c2c77ebb3390e20 |
| SHA256 | 11c8b6dbd67ab9c414491108e5f2282c66c9f232deef702887330f7acde3d80c |
| CRC32 | FDCE95DF |
| ssdeep | 96:ttzSwr/jkLjTfPOu2BznrE+EDY+b3z0E9djY9/rM+QdN:8L3XOuR9DVTRdG/ruN |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 63a2ecbc2e1d491e_GK04G0MH.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\GK04G0MH.txt |
| Size | 843.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 0729df59c1cef87fc896f3dc5d59dcfa |
| SHA1 | aaf487771e4906312291b9dc82894080f09d0b74 |
| SHA256 | 63a2ecbc2e1d491e6a52c767c5551454efe5d1b399fbe50d7839b4866dd3a0ba |
| CRC32 | CD5175F2 |
| ssdeep | 24:8VD1f40JF3bgiB/8apeuNHYpl1pLlkES2ZRJv:O13P3bXB8KecHGHpLlkE3XJv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fd361b57998c76f8_analytics[1].js |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\analytics[1].js |
| Size | 44.9KB |
| Type | ASCII text, with very long lines |
| MD5 | 871c39943ac31c498d591a714a31212c |
| SHA1 | 1d9ff3e3db5eb5293de06df5726f6058f07d98de |
| SHA256 | fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955 |
| CRC32 | ACF6773C |
| ssdeep | 768:zawmjvtB/E52UgKyPnUUTdAWA0YiaC6Vyn5ebYUDTJtwHx6g0stZS:za1K5QbUUT1A0YiowH8g0s6 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0c210175405e0e52_winthruster on the web.lnk |
|---|---|
| Filepath | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster\WinThruster on the Web.lnk |
| Size | 1.0KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Nov 21 05:39:08 2021, mtime=Sun Nov 21 05:39:08 2021, atime=Thu Jul 18 05:09:28 2019, length=65, window=hide |
| MD5 | 687195b862eba61a0dfacee8e98ac852 |
| SHA1 | d08af46d52954b432a5bb3dbac240b35c8e6d78e |
| SHA256 | 0c210175405e0e522ed00bbcee8afd84f68736d4ffe6c289086c5acad1a8720a |
| CRC32 | 96621004 |
| ssdeep | 24:8mYidGodOEc7WnA6yMnAdBodBmUPPy22d:8mYid5dOtp6yRdedZnyF |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1ef937a68518d6ff_logo-apple[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\logo-apple[1].png |
| Size | 5.7KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 68 x 62, 8-bit/color RGBA, non-interlaced |
| MD5 | cd1683a092638f189f378e64f9c973e3 |
| SHA1 | 823b6bd855f652d75e0a3116188ac90cd27eacac |
| SHA256 | 1ef937a68518d6ffb3396e0bbb09534c18a24deaf1c81ac81a1a9d3b1e90a3c3 |
| CRC32 | C8DDA3C8 |
| ssdeep | 96:6OObLDn8PCVRD1racOZ/8ass7p3T3+AqdZZLDSl5ee/c1hAyvpRvBu69:oD8PCT4nZ/8jkVuAqdLDJ+Mlkc |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 9ce3fe4c462d0976_unins000.dat |
|---|---|
| Filepath | C:\Program Files (x86)\WinThruster\unins000.dat |
| Size | 29.3KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | data |
| MD5 | 230356e3515a3b4111731619495d605c |
| SHA1 | 4c77cc19749490ff816f4fdc0c506f5ea5fa9dd3 |
| SHA256 | 9ce3fe4c462d0976f5dea635c50da1f9b13533047c2919435513a4ccff8e3ac2 |
| CRC32 | 3E54DDBD |
| ssdeep | 384:h3KbCPnb35W1Uk9a/l/8NN1Kp4f10GBmSJGXnNAbPIPtoZjHcTo:0b6pCISJGXNAboe |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 15b41266db052ef7_polish.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\polish.ini |
| Size | 79.9KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | 707f0a1572f316ce397c6c9bd43055be |
| SHA1 | f1035c154e17e7a5bcef8863a8209bd93f2a9efd |
| SHA256 | 15b41266db052ef73f35465ac241314033a628766f954418703a35c5078ef07b |
| CRC32 | 99B60DB1 |
| ssdeep | 1536:qwGpGER6FqaQHYJdqBUKsmb/szwcRQ08Yks6wkiNOkGK3:q16FqRYJdqmKsmb/s0cR/kdwV7v3 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a1925038db769477_analytics[1].js |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\analytics[1].js |
| Size | 49.0KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | d40531c5e99a6f84e42535859476fe35 |
| SHA1 | a901817d77b2fe5259c298c91bc65c54d7f8a1a9 |
| SHA256 | a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 |
| CRC32 | D6CB62CD |
| ssdeep | 768:Yan91xe8BCwsN7sP5XqYskqYyPnHOlTjY3SoavbVvKHmCgYUD0ZTXEwyVfZs6:Yanxx1r5hsvlHO9Y3So37UwyV9 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 75fd81f57ad77f15_services2.txt |
|---|---|
| Filepath | c:\program files (x86)\winthruster\services2.txt |
| Size | 14.2KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 340b31f1de820e89fdab9cdb659511e9 |
| SHA1 | 0c2c8a01e052330e3c24fad548abe38cd4932b19 |
| SHA256 | 75fd81f57ad77f15ec5444d736a6b16b48d163c8bf1051c6511662ee50a8fa67 |
| CRC32 | CEE654A7 |
| ssdeep | 96:4u4y64zqfQY0/XDlBZkJVPhbC6UJw3OaeOd9CYp1NKMU2SmwqC55BwSLhLLwtwYR:NY4pAefk12T/5YzpftOC+WNB5/fXGaZ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 8ea88916e8d549b8_bullet-graph[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\bullet-graph[1].png |
| Size | 1.3KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced |
| MD5 | 55b3367e99d4cd5909884ccf0d3f2ed5 |
| SHA1 | e3a725356d2845b729b4ef3371fe612d9975f442 |
| SHA256 | 8ea88916e8d549b83086f2fc6d96e3a900b4f3cfa04c9417432c8a1ad1309528 |
| CRC32 | D1AC2255 |
| ssdeep | 24:k1he91Wwh82lYSKk3lPVDcT3ohyJ3VOgGo4gJuSu2MBnHtH+v:qqQvnLmPVcJJ3Jg+ux4 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | f6fc97260e395958_4l8t1l27.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\4L8T1L27.txt |
| Size | 1.0KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 404795d7e52d88ba65c232466d9d58fa |
| SHA1 | a4eed5a05b7ef653dc3d72d305f26c343748f096 |
| SHA256 | f6fc97260e395958ad0b0fdab83bc5e46bd54025520fa1b73370099efd8145ee |
| CRC32 | 027A949C |
| ssdeep | 24:8VD1f40JF3bgiB/8apeuNHYpl1pLlkES2ZRJwC/GfBv:O13P3bXB8KecHGHpLlkE3XJwKev |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 00c894d6dd74926e_MMU8Q22U.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\MMU8Q22U.txt |
| Size | 649.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 4cf08363886d4fb50f2ed8fcb41a0ac6 |
| SHA1 | f471547d8d426968fe777951a44e54d06381689a |
| SHA256 | 00c894d6dd74926ea91a88ccd74ffcdabefabe256d419e531136cb0443b6861c |
| CRC32 | 28D6A005 |
| ssdeep | 12:BJZrh1s6bCbl2JEis9QP/f8TDxpbrQ3v2OxYRzhcKXx3trxkUXEXMXWVjLlWXMTV:Bp1F8l2JES/8vrQf2NzPriU5qLlkEv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b59785f62c26b60c_slist.db |
|---|---|
| Filepath | c:\program files (x86)\winthruster\slist.db |
| Size | 1.0MB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | SQLite 3.x database, last written using SQLite version 3011000 |
| MD5 | ddbbfda211ed1460d616a48fe1ef9676 |
| SHA1 | 5306fba67448ab0c1c3e55808d13b1f900e82493 |
| SHA256 | b59785f62c26b60ce5d6e30e88946bffc3d7eb8c0f572359d36985ca8ee4bc48 |
| CRC32 | 1865397C |
| ssdeep | 24576:WY8IyylDzjpmRFQn0g5cqhJWT2mZws7noPrbLT:JrlhyLu |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 0ea8d905300c96c3_winthruster.exe |
|---|---|
| Filepath | c:\program files (x86)\winthruster\winthruster.exe |
| Size | 8.6MB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 42d92ec2bed0fc88d9fd9a685fc9c4c1 |
| SHA1 | 47f599d5225a3c71e1f3d7d0d0e0b8ce7c73c478 |
| SHA256 | 0ea8d905300c96c38563040906fb9b1876169e1e53d7aa376412f94b5f7bac3a |
| CRC32 | 55F0FD1F |
| ssdeep | 98304:NotsF+2g+iCIR+NFaNaiKAR8CYzIfXHEGltrqJ/yPRZKVkf2wvHgI/:NoGFPgcLsIc/5qJ/yJZ4kfvAI/ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | bebde1daa07b9f2c_sitentf.txt |
|---|---|
| Filepath | c:\program files (x86)\winthruster\sitentf.txt |
| Size | 4.2KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | b8dd8bdac1510ef2fb80b5f6cb43b71d |
| SHA1 | e5efffaa40f1bbc65a91fe09b29ebf655df88315 |
| SHA256 | bebde1daa07b9f2caee5006af0cfd6d43df7c69f7797981ac4f088b26944a190 |
| CRC32 | 15F9C650 |
| ssdeep | 96:kxXH+TBvERKDzCxLg+lQm+zHj6DnojA4EBhqmhEWl7GMCdM9:kReFE0DzgMn3zD6DnoSZhEWl7GMGe |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 232829b6760e0452_spanish.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\spanish.ini |
| Size | 81.7KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | 00a98d0c782e107ad0d119fc543de608 |
| SHA1 | caee93b2913c2acdab7be5eb5746ff8fe0371050 |
| SHA256 | 232829b6760e0452905f9afd0d4615d838ff4575c530effc07c36e2e07852c82 |
| CRC32 | 80423075 |
| ssdeep | 1536:7cGFjNbwPjDo54t6oK9aBDNQE7cSAa+nkg/Vlh:oOjhuBDNQecz/5 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | be18360efad599ac_bullet-user[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\bullet-user[1].png |
| Size | 1.3KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced |
| MD5 | 47925998f4d85ebc3f018f4009c520b2 |
| SHA1 | e752ff8a30e0a5c1f40b52f33792dbe9adf59fe9 |
| SHA256 | be18360efad599acc03e4540f266cfc83120c7e26911e1230787d50d93ffc1cb |
| CRC32 | 67DF2659 |
| ssdeep | 24:k1he91Wwh82lYSKk3juPVDscT3ohyJ3VOgGEymP7tDibd2C7YLYVzz:qqQvnLdP1scJJ3JNTBmI6BZ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 711d609f451e1fe9_btn-medium-arrow-right[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\btn-medium-arrow-right[1].png |
| Size | 286.0B |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 28 x 26, 8-bit colormap, non-interlaced |
| MD5 | 3673abab23f4253bbf9f7dc91c2df7ef |
| SHA1 | 455580050aad6775024769cb209b18e5d98a3365 |
| SHA256 | 711d609f451e1fe9543c1ed1f3d94399cb470161ee19549ec2af48464c878a33 |
| CRC32 | 7E9C8CE3 |
| ssdeep | 6:6v/lhPeF/hIoaRX3rgvHigLBw14Ov+yiYVzi87XjTPxfp:6v/7K/h3aV3rkoNwwfPz |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 8f2e410a316b73a3_MIVSYDS7.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\MIVSYDS7.txt |
| Size | 80.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | 9bee2fecafe04b08e81b2e1dee24480c |
| SHA1 | 24434d9fe4e573a92f5a4ceacbe7622d73151137 |
| SHA256 | 8f2e410a316b73a31afbba11ceae378ed5718efafac9d7a2af1926de1b5f1752 |
| CRC32 | B57C82D6 |
| ssdeep | 3:Q5aXIbELgN4GMQ2pS/vgRL8iiVjvn:Q5a4bEKXMXpUiiVjv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 89747c19d5ff724c_Setup_WinThruster_2021.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-QK5M8.tmp\Setup_WinThruster_2021.tmp |
| Size | 3.1MB |
| Processes | 2780 (Setup_WinThruster_2021.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 3a3305330ad78837ffcd94fa287973e3 |
| SHA1 | 73586304f35e4e8a6bba8574b9bacaaaae4af1f0 |
| SHA256 | 89747c19d5ff724c19856ed9e6dc94cb72c3ac55f45d4a1fc079e979805afe54 |
| CRC32 | 6F2233E7 |
| ssdeep | 49152:yEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTVM33383:y92bz2Eb6pd7B6bAGx7C333c |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 135d81feef8bc93e_animation.gif |
|---|---|
| Filepath | c:\program files (x86)\winthruster\animation.gif |
| Size | 3.9KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | GIF image data, version 89a, 48 x 48 |
| MD5 | 915f2ce934fd4789216b91bf9c2609fd |
| SHA1 | cb942f9e699d07f85a008e8131bb8a92a3974f87 |
| SHA256 | 135d81feef8bc93e48f3d929d9249abe56e8b0a566f51964c8cad28602219250 |
| CRC32 | 025FA10E |
| ssdeep | 96:I796+qTY+rVj7rP0G3Vd3AbHAEv5+XBBWFVUUfkkVcya3Bu:I79bqk6nL987GBERc2h0u |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 76d5cef467461519_icon-large-computer[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\icon-large-computer[1].png |
| Size | 1.3KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced |
| MD5 | c46bab0dac6430c201c5235856484957 |
| SHA1 | d5e819f3d8ad3138534c4b08a16c0fa055ffbbc6 |
| SHA256 | 76d5cef4674615198b87f94fc149ed045dddf941a11ca8b88762eafe7ac591cc |
| CRC32 | B900C37D |
| ssdeep | 24:q1he91Wwh82lYSKwZCVK8T3ohyJ3Vgv+GcyyW0L+uKHZlYQUC4Br+jm:IqQvnL1HJJ3u23vWC+Nlgr+jm |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 8ce8f98d6f281b96_buttons[1].css |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\buttons[1].css |
| Size | 3.2KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | 6fa6330e4b8f94ce0a0a2a9d58cf5fc1 |
| SHA1 | 5d2e2d2013e3d743aa7a44e0d72ba7e08054ddb3 |
| SHA256 | 8ce8f98d6f281b966c0f85f552785e2c547864ada3f7c65613bc8ec5c735aca3 |
| CRC32 | 721CC5CF |
| ssdeep | 48:tggsAcAz5313SAc4KQf51nRCHvF5i2f2P5Q9LN5NbXLOLn5i2dL7jn5ND9:igsAcAN4Ac4pBnCHvXP2PW9jdXylNfNP |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d9a8ec5501d0d099_english.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\english.ini |
| Size | 67.3KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | d1eacb5444807fa0b09b28172f3fcdfc |
| SHA1 | 69bad9990e51d353967ebc389393fe29eb6abc67 |
| SHA256 | d9a8ec5501d0d099e626af438f24255a576df597eff23b35ac77f013e04835f8 |
| CRC32 | 946F1E6C |
| ssdeep | 1536:eLItgp6ZO9ZAnHFQ5DVDcKyW8EeOeO1NC5Pl4azPJFagyhWXoMNB5lyonzKWz1wY:7xYMOjP1NC5tB3xyhV4 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7abc5c76657e3a7c_logo[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\logo[1].png |
| Size | 2.1KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 164 x 60, 8-bit colormap, non-interlaced |
| MD5 | 64b532bf122e6f714f9e23e8369cf628 |
| SHA1 | 7affbd2b99f1f2bda0806244f42ec92d4bfbf5f8 |
| SHA256 | 7abc5c76657e3a7c063a2c5e2429d298e486686332d02d3d7d01caf28a38fb90 |
| CRC32 | CD3B32BB |
| ssdeep | 48:MyMY378m6Ye8cEw/0ccV3VWkBxi3mctW3:MGtbK/UVlWYjctK |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | cc08c058a1be67e3_bullet-wand[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\bullet-wand[1].png |
| Size | 1.4KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced |
| MD5 | 6a54c82901986709d4f72f09a6291406 |
| SHA1 | 797e1d818f2c20970ab622ee845ac89e3b4adf80 |
| SHA256 | cc08c058a1be67e3e662fbbfc84668cc5a77781daa31183b87bec86ff3e1a33c |
| CRC32 | 08E5A256 |
| ssdeep | 24:k1he91Wwh82lYSKk3jgPVscT3ohyJ3VOgGnbhNxPDFNBtAel87k7FWJi:qqQvnL3PCcJJ3JM1N5DFjt+7k7FB |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 8ee484bdc3b762ba_js[1].js |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\js[1].js |
| Size | 570.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines, with no line terminators |
| MD5 | 9ea3f7112df89052dd5fe4fbff93b7de |
| SHA1 | 2785f64f396b673081a6d46c3ce34f683b7b5f99 |
| SHA256 | 8ee484bdc3b762ba7bea5810ab3554a8359141394a568357f500763bdf807de6 |
| CRC32 | 2BF5D003 |
| ssdeep | 12:mjhW4qysyu3mxBB4NfHT9JFPgqq9aHDRWUkEzQRuhoNMb:OhEyZuWsz9PYqqORWUnkIhQS |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 176ce4ea52b7dd22_{cd729e3c-4ad8-11ec-940e-94de278c3274}.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CD729E3C-4AD8-11EC-940E-94DE278C3274}.dat |
| Size | 7.5KB |
| Processes | 2304 (iexplore.exe) |
| Type | Composite Document File V2 Document, Cannot read section info |
| MD5 | 1559bff13e28075a64554632366806f7 |
| SHA1 | 5ef0e75a941150bc919c7c4834b010c44c3aab94 |
| SHA256 | 176ce4ea52b7dd2284bdc3db804b1463f85239781bf0d7264220a8e7ee666370 |
| CRC32 | 35415B56 |
| ssdeep | 96:88DxT1CaAzRur+k5pF+AzRur+k5pFCtPqtKUAzRur+k5pF5+e:8SxT1Cam7kl+m7klw/Um7kl5F |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 55f85aa027dbb503_logo-winthruster[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\logo-winthruster[1].png |
| Size | 2.9KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 201 x 40, 8-bit/color RGB, non-interlaced |
| MD5 | 257a648c9c98f3d23e700fc51a0d9066 |
| SHA1 | a0ce8a2ddc4d73f439204970b305c179dea282f1 |
| SHA256 | 55f85aa027dbb5033787b4781ab4a78ccb047441b23dc37d729c13a4c7f4cb32 |
| CRC32 | 607F98F8 |
| ssdeep | 48:ooLC9m8PMl6hASF3mGjiNn3KuiWuLfJmw55DhZcZ6cpvfj+9MVMRfgtqkmMlq+ZI:oMiTElK9mu6na7WcNUK9MKRfgt4UqN |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | cb5ad53426a5e067_icon-large-search[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\icon-large-search[1].png |
| Size | 2.2KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced |
| MD5 | c13af507fa73aa71a7058329a18d5f1d |
| SHA1 | d529abba3efb355b3110d8694cba31d68613766b |
| SHA256 | cb5ad53426a5e0674cfdfbea87256135e701c912bdef94bf47ad7609c355a7b4 |
| CRC32 | 88668533 |
| ssdeep | 48:IqQvnLyVJJ3Pbo7Fs5RBVCuZQr9sJq6BL:pQ4/IFK0uNo6BL |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 74c7175c6d1ba841_homepage.url |
|---|---|
| Filepath | c:\program files (x86)\winthruster\homepage.url |
| Size | 65.0B |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | MS Windows 95 Internet shortcut text (URL=<https://www.solvusoft.com/en/winthruster/>), ASCII text, with CRLF line terminators |
| MD5 | 456529ff5b26d7914403289956523ee5 |
| SHA1 | ce17c42ba1c3aa90eacde992f33ac1654b3f7583 |
| SHA256 | 74c7175c6d1ba8416f2784f0b33f8bc115bd01cd9cd8c170254f83798cc986e6 |
| CRC32 | 7A27A4D1 |
| ssdeep | 3:HRAbABGQYm2frSLgN4GFSMLrXQWgK:HRYFVm4GLGXF/LDD |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d6cf65eaa1114a84_turkish.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\turkish.ini |
| Size | 81.0KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | e4f6a0a918937af7510a9d3461d3a776 |
| SHA1 | b262e97e16b7a6b44576d9c9765f5d90be8d4e26 |
| SHA256 | d6cf65eaa1114a8469d06aacac77548eb0a108b555649a7b564e0f1e31d76ad7 |
| CRC32 | 92BFFF91 |
| ssdeep | 1536:mkHJlVwuXROvY7tSixX09xLvHXSfD7NAV5x0a2lhZFaS3n7U4LFR:FN3GY7tSGX09xLvH4WV5xx2lhZIP4f |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | afac9f114ed4791b_fancybox[1].css |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\fancybox[1].css |
| Size | 4.2KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | 00c46d94001107b64da7f99f71812142 |
| SHA1 | 1a971ad9aab2fd9694962961a7b047369cdd5863 |
| SHA256 | afac9f114ed4791b97a1a32308573c9623b2577811a813877a0c5b5be3e1b103 |
| CRC32 | F225BA03 |
| ssdeep | 96:GKXaoFzzzQFRNRdrkNEo0Oy8DihcSX2WA:GKIF37r4Sw |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c9aa03619c70936d_0OW80EPL.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\0OW80EPL.txt |
| Size | 815.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 7520ce132cfe4c85f8f28c9c40ebd7f8 |
| SHA1 | 32c612cf0959b0ac7ffe9b30c0157eb3daeed200 |
| SHA256 | c9aa03619c70936d4ea1d9be0937f0755dc738c018c8b72afc175d534a13762c |
| CRC32 | 12BD0487 |
| ssdeep | 24:8VD9sGi11PLMREah9q5+PnLPThLlkEScFiv:OmJ12REak+PfhLlkEpFiv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ba191abb47ec556c_japanese.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\japanese.ini |
| Size | 97.0KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
| MD5 | 51deb02980cef9d4cf11354b1e4c8b7b |
| SHA1 | 9e2edc80030d41840e79e589bcda35fd573cdac5 |
| SHA256 | ba191abb47ec556cf5ee294f887aa8c3c0e1e730967b58117dcc30c556e8385e |
| CRC32 | 79D17180 |
| ssdeep | 1536:EzbBLhH2hSjD2UtmsC2PvnJutSrdeoNAuz2I9YVgTOkirCQRjzF:EzbBLhH2hS2lsCqaunAuz2I9ckirCQb |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4ba03e57203ea578_jquery.cookie[1].js |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\jquery.cookie[1].js |
| Size | 3.6KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | 20a0023596a032da17c48c7ffe08087a |
| SHA1 | 63863462d721d103bcbbb2e1e543f8cd4bd6f335 |
| SHA256 | 4ba03e57203ea578ec51f56d317a69cc2bb83af0933780683890fd9e046b66e5 |
| CRC32 | 84BE6B4C |
| ssdeep | 96:q2Bnxb64Ng7V8cNwZGylRCsKZcj1JXulL6M/aGBcLoQ+Macn:q2xb6eg7DMCsk8fgZ3QNln |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 21b0ef748acf16c6_bullet-tv[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\bullet-tv[1].png |
| Size | 1.1KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced |
| MD5 | 47b1915953a360d02276178148da1e85 |
| SHA1 | e123cf44aab1de858b331977a1470b4c26dcd86e |
| SHA256 | 21b0ef748acf16c6f4bdeb3a8cb4e12fbde4ef788e1d1b40b5233f61593e5848 |
| CRC32 | AAC6B759 |
| ssdeep | 24:k1he91Wwh82lYSKk3CPVDwcT3ohyJ3VOgGeQyuFBQIZ4:qqQvnLhP1wcJJ3JUFB4 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | bb25091603de1fc8_icon-rss[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\icon-rss[1].png |
| Size | 350.0B |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 25 x 15, 8-bit colormap, non-interlaced |
| MD5 | 46c3df82292d0710bfecb77ff76212cf |
| SHA1 | 07cbe46b0ddbf146f5f9db798a0f223adf48f216 |
| SHA256 | bb25091603de1fc8f612ce87c9b26c0606711314123f4fa4870ac5986764d740 |
| CRC32 | A704AE8A |
| ssdeep | 6:6v/lhPJXDYG+/o4+bGeJhckldSVlvUzETnFRE+OgBp:6v/7RcGU+bZVSHf0+Ou |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | cdc056ef3215fc33_en.chm |
|---|---|
| Filepath | c:\program files (x86)\winthruster\en.chm |
| Size | 31.5KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | MS Windows HtmlHelp Data |
| MD5 | 875df483c11312f746211d7f6b8c7f8e |
| SHA1 | 33bb6085a3a952741a9bef750122ac4f6e77577c |
| SHA256 | cdc056ef3215fc337d2bf9bee97809068e434be8a81799bf3f5c6accce5871c7 |
| CRC32 | 78ADBB2F |
| ssdeep | 384:34ZAUZfNGTONlqXx4CDztELnhZD6k3zQnqui/ePvtT9vv65XFYe3FEsgJRn:3/UZl0OnqXx4kzGnLFzqqYPd9azIn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7869574c87293016_MI84P6WI.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\MI84P6WI.txt |
| Size | 847.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 70e6dc7b05d953b9d406d57e68c0eda3 |
| SHA1 | 9acfeb3e25fa27f71ad1727f92b772726bcd8c6f |
| SHA256 | 7869574c87293016d71d0cfc497402ce4f88e5117aefef272de61c91007865bd |
| CRC32 | C9F6D95F |
| ssdeep | 24:8VD9sGi11PLMREah9q5+PnLPThLlkES2ZRJv:OmJ12REak+PfhLlkE3XJv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5801b5e6d8e9bd9d_icon-facebook[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\icon-facebook[1].png |
| Size | 257.0B |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 25 x 15, 8-bit colormap, non-interlaced |
| MD5 | 319e24d01c7396a2b786e0abeaecb789 |
| SHA1 | 4b8940fd182d365513fe8515c1bf8c99418a8038 |
| SHA256 | 5801b5e6d8e9bd9dd6861a82d487417131493f01936f64462bbae3a7cbec2ffb |
| CRC32 | 6357ABAE |
| ssdeep | 6:6v/lhPJXIL+/Icl3qe/lwse2O7CBLTDbuqMaMM6uldp:6v/7RWi4evcuBLTD3t5lz |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | c075c39f0b1077dd_logo-bbb[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\logo-bbb[1].png |
| Size | 6.3KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 115 x 58, 8-bit/color RGBA, non-interlaced |
| MD5 | 1f14083795ce07522c49572733dbf5f9 |
| SHA1 | 03fbf8fe881ff0b669b959a8f4f922c15069278d |
| SHA256 | c075c39f0b1077dd012b5d270f8a6c39ef94552cd201e5a8901476a3762615a1 |
| CRC32 | B1CC68A6 |
| ssdeep | 96:U62+bX+go6PuOIYfcCDa+7ZOJanEDTKYXsHHGjMpTzHLFWyTU7AXqg4Q+3Puq:Uw0hia+78IuVXsHmjMpZI7osj |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | d5bb85e989103d17_logo-ibm[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\logo-ibm[1].png |
| Size | 6.4KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 111 x 66, 8-bit/color RGBA, non-interlaced |
| MD5 | fbd3b7b75706e9e9044fe61666fcafaf |
| SHA1 | a997e55dcb03a61b29c192b768aa6001909a9146 |
| SHA256 | d5bb85e989103d177d3e0b276b31b8a6bd6820d357e0a4385d56d341b5a54090 |
| CRC32 | F2FA3177 |
| ssdeep | 96:J4ynXZjlFfwDkaIuJTZYo536izgPO+6RKgFaRZUoGITn0Njc80jLe5sU76DR3wsY:JBDxwDbiUKizUGsIRxIgc8MUODR3pY |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 05dbe7669b9209bd_bullet-popup[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\bullet-popup[1].png |
| Size | 1.1KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced |
| MD5 | 0912ac8348e53b89dd6891bcde9a6821 |
| SHA1 | 4cddc0674ebbab3a55ce3dc442ea476ec19138ba |
| SHA256 | 05dbe7669b9209bd09e745d2fc7d901da0f0968d5e5d04ed4d57b8bcb9595d6e |
| CRC32 | 83F830A4 |
| ssdeep | 24:k1he91Wwh82lYSKk3xLPVhrcT3ohyJ3VOgG645ELVRYIL:qqQvnLMLP7cJJ3JIQVqE |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 076ca657207a0b3e_winthruster.lnk |
|---|---|
| Filepath | C:\Users\test22\Desktop\WinThruster.lnk |
| Size | 1.0KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Nov 21 05:39:07 2021, mtime=Sun Nov 21 05:39:07 2021, atime=Mon Oct 25 20:39:30 2021, length=8980296, window=hide |
| MD5 | f88e5564fd5dcf9499d98ab83aa45144 |
| SHA1 | 01312f8f60aad79a6ef7cf56377d2aa2fb78c004 |
| SHA256 | 076ca657207a0b3e69adb70c935431ee4107bcfc004b9e0e6af0434fa9d67cc6 |
| CRC32 | DFC6970F |
| ssdeep | 12:8mDqkDls1dAzIHm5Gdp8DCDmXHtN81ytlD8CjEjA1yMwyobdpYyZSTzm0bdpYyZU:8mDgGodOEccwQA1yMcdBoxdBmUPPyd7f |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 74c398f97c8c0db5_FEQKX2F6.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\FEQKX2F6.txt |
| Size | 317.0B |
| Type | ASCII text |
| MD5 | 704cfd4d30aac2c81baabdfe293b546c |
| SHA1 | 0582b1e6f9d1a7c98664cc75ddc6865fc6835ab9 |
| SHA256 | 74c398f97c8c0db58e552dd3c9417200ae109b5ce10515e27f929834c55b31e3 |
| CRC32 | F563546B |
| ssdeep | 6:kpwa+td7CYpec8k3OgdAwmq+EbKBa1GnBc4jpccX0Wp+SXlQZWjdc8XzdxD:kpwa+LveA9dAwM8AnBLcPa+SXlQIBD |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 78717dcf02720236_icon-twitter[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\icon-twitter[1].png |
| Size | 318.0B |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 25 x 15, 8-bit colormap, non-interlaced |
| MD5 | b7f001f77586c71af5e87308132b70bb |
| SHA1 | 60d6e68a55c7683d091815b3386bc36c5c303778 |
| SHA256 | 78717dcf02720236aca0baeab28d64c520100c0f9fc9d4b5f6f89ff1ea5a0e29 |
| CRC32 | F7FB51ED |
| ssdeep | 6:6v/lhPJXnYG+/i/XDtdRxiY4rlxw2omLrx8Ksup:6v/7RIGzXD7riYmw2zZ8KN |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | f0df4e12972e6746_dutch.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\dutch.ini |
| Size | 77.4KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | e1a93cfdbe4e8afc677717b993596d78 |
| SHA1 | fa73fb95e9c017802bbbfa240735b1cd18c738ac |
| SHA256 | f0df4e12972e67468161d935f3117ca2688350f656f57276aa4b2624502baffe |
| CRC32 | 2A71EFF4 |
| ssdeep | 1536:2jKf68n7N1+o8IQtd4agu7qE63vein3XZy5SUC7kWsNcch9+BDeW5cHLqEzch9Q:2jU6876ZIQtd4aZqVvein3XZy5SUC7k3 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b05d23f880797e6f_norwegian.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\norwegian.ini |
| Size | 72.6KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | 6ea1aea5af94db7f9c3d0c3f64fa9dab |
| SHA1 | b93854e0ee6ab5cfd6097c95b1c6b7db811366b9 |
| SHA256 | b05d23f880797e6f0ad4af895ef2838a13e6ecab800a4fcd988d7265f58ec804 |
| CRC32 | D7F1CE94 |
| ssdeep | 1536:I548hJBdKR8xcM2H4MwzFiTg45FcahfFkPE798JJ:HsJbKuxcM2ci5xhfFkPEJg |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a7114c99740c15ae_french.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\french.ini |
| Size | 84.9KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | aec819648dc5e0a7bb32b5c40eb2cadb |
| SHA1 | daee280626be946e063a07c4abaad6835e3a60ee |
| SHA256 | a7114c99740c15ae6e44f6b3064f5df1e9ce8d3d915475b2b5be46fd450b7835 |
| CRC32 | A4C6E62A |
| ssdeep | 1536:lJzQ2fszP8/ZrZAkfjUxwYdaM8QcAHhMhyBcv8SNffG3TMjjeggHV+dzo0TqnE/:lJffsbQrwxuhQcAHCcMfego+ho0TqnE/ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 52e9e48df6162fe1_portuguese.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\portuguese.ini |
| Size | 80.8KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | cafc9493c66b62c349ff4aacdfddb084 |
| SHA1 | 60d35d1a969d32e401908a7d3284c122b2c9208e |
| SHA256 | 52e9e48df6162fe169c8e848b3bbb3362ee25d0a7042ec6e87be39e52eb54daa |
| CRC32 | 81994A6C |
| ssdeep | 1536:NFkAmw96plGfJrRDR6iW+1GT6yMiQn/hnkUsZkKiFMXN:NexKhrZR6iW+1GT1OnkTtiGd |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 198ded1742ad1c99_slist.txt |
|---|---|
| Filepath | c:\program files (x86)\winthruster\slist.txt |
| Size | 72.5KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 5110275a17953e206f7fe8984cfde28b |
| SHA1 | 3611edb611aebfba94e60b8bd16034707f4f4d95 |
| SHA256 | 198ded1742ad1c99514d9c82301667c8e5c14ef9012620148a47495ff2454b4f |
| CRC32 | 86BCD9C7 |
| ssdeep | 1536:BVf6x3tHC0LBwM4mcM9AqmqTrAFiIGjCxU:/6zisl5cqAqLjx |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1beb05868ce93bcc_IE9CompatViewList[1].xml |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\IE9CompatViewList[1].xml |
| Size | 141.8KB |
| Type | XML 1.0 document, ASCII text, with CRLF line terminators |
| MD5 | 9b63e0fb3785ffa49686dd75e303d177 |
| SHA1 | e3992de5a1b8f58a11a52ad71f275ae413927eb4 |
| SHA256 | 1beb05868ce93bcc8fafc46adccdda6d104f3c6f6c6ed454d8a6c0c208d9bd0e |
| CRC32 | F778EDEF |
| ssdeep | 3072:AoSMrEDL1FwhdFFaz6l8vHG+TbFPAzepobjyG7I1K1IB2+Tir8v1IG9aIedyPcFC:dSMrEDL1FwhdFFaz6l8vHG+TbFPAzepR |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3077b117c4ac5191_styles[1].css |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\styles[1].css |
| Size | 22.2KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | 23b8fda9e1a99f2491cd7013a5d5cf11 |
| SHA1 | 6f918d604883695f2e17c5b16bb496eb8f1f38aa |
| SHA256 | 3077b117c4ac5191b66b618cbdc9ec2d409694b260889380145be9b140ce765f |
| CRC32 | FFBAB6DE |
| ssdeep | 384:1TPxZJ9CLwCRT4OvFHR45yQcWmYsbKoTFr7xNniUT4e5vAwgNXPQtJ5:1TPxZJ9CwCp4OvFHR45yQcWmDbHTFrNx |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e2885989bed34bbc_unins000.exe |
|---|---|
| Filepath | c:\program files (x86)\winthruster\unins000.exe |
| Size | 3.1MB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a103eb74323309714222acbd42c2cbc5 |
| SHA1 | 065e87d97538af6ab438b937dc4d1ff259c2eb6f |
| SHA256 | e2885989bed34bbc5eca9c45773d1a7f77c039c9b205dbcc512cb9abbb7e2d48 |
| CRC32 | 4FE4D409 |
| ssdeep | 49152:aEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTVM3338I:q92bz2Eb6pd7B6bAGx7C333l |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1f04fb766cd37358_960grid[1].css |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\960grid[1].css |
| Size | 4.3KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | 8cabfe7b15477b4c9a7f939cfdc968b8 |
| SHA1 | acbb36eabedc84cb9d6dfbada4812934a55b007a |
| SHA256 | 1f04fb766cd3735879c21bf158f1b9b7059e225d93a77b0d77b4b6e14eb635ef |
| CRC32 | 6534BD6D |
| ssdeep | 96:cZO1QN7ntH2sDim+qAppzy6lxcwL/z2GNaWs4An13kINEjFEWRf2QeR3CFWb9lIM:BmntH2Gim+qALOuyGrtHJi1XYyE+hhtr |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d0cc0587fdb48190_jquery.fancybox[1].js |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\jquery.fancybox[1].js |
| Size | 47.6KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | fde264dafd67c9842a70822660496f06 |
| SHA1 | 2dfdf65326e532faf477469f06151a9401cb82d5 |
| SHA256 | d0cc0587fdb4819071d9e0d0a82022980b2fa8e846f48268fec77dfecc037b44 |
| CRC32 | F29DB404 |
| ssdeep | 768:I29YFqkxIWVSSy7DkA7DxQPgsvtrJ68ov6iIMdl7YjSg/bEfOKk53tlUgb:IBFqkxIWVShDlDxQE2Al4Efi53Pb |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ac5d74f6a388e186_m=bootstrap[1].js |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\m=bootstrap[1].js |
| Size | 17.0KB |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 17c421143803c654de8b15176dd9f9ba |
| SHA1 | 5e4e81cd6d94794ba490c63a866ff7b12856a725 |
| SHA256 | ac5d74f6a388e186d7350e16fc83429fbc44cf4e08e856bb9ade3f59a1a9dc11 |
| CRC32 | 88091355 |
| ssdeep | 192:b9aUruLjpGKRQG7IPkA9K5NQ2il3moMIj5yk/H1AWUDtW3ptw1Vpcse2PZT5ibL:b9aUejpXKK5NQ2iFTbyk/iWUDk3LcPyL |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2658bde5d846b9a4_bullet-bolt[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\bullet-bolt[1].png |
| Size | 1.4KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced |
| MD5 | 5c2407bb014d0a1409d742a01b8199de |
| SHA1 | a7c780ed6067698a13945611e054cd16d40cf215 |
| SHA256 | 2658bde5d846b9a47fab34f56d00ebfe1c48634929bbb5ca32216f25d5516a15 |
| CRC32 | 0EBF9F11 |
| ssdeep | 24:k1he91Wwh82lYSKk3erPVWcT3ohyJ3VOgGgNu2buAM6BHDRCBG0cmLGunyS026:qqQvnL1rPccJJ3Jdi6BHG3tLGuN0x |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | fe6e959f383152e3_iframe_api[1].js |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\iframe_api[1].js |
| Size | 980.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | e7bef839f7293f5525bd4383ab943077 |
| SHA1 | da510fa0a060039495f6b6571497b52d46895ff3 |
| SHA256 | fe6e959f383152e351f2cfc5b86267751c5b58c85a0efd0a86876de0cdd1fd00 |
| CRC32 | 819F828C |
| ssdeep | 24:E16MXIbtEHvk6YtpqAK/HJ2TAXzK5vuHM8aJLtdRWZ4FhQ:E1ZXmtEP0PcSAXW5kaJLzwYhQ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a78778b201120d57_N4W18NWE.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\N4W18NWE.txt |
| Size | 572.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 89bfb7fa77a9fbce49e2b841a1c477d7 |
| SHA1 | 469d368ed6e7cc6a4a41006b147ae01444488736 |
| SHA256 | a78778b201120d57b13ad814761029baf834a474b5940a217570dfd2d7dd0e91 |
| CRC32 | DECDE658 |
| ssdeep | 12:BJZrh1s6bCbl2JEis9QP/f8TDxpbrQ3v2OxYRzhcKXx3trxkUXEXMXWVjv:Bp1F8l2JES/8vrQf2NzPriU5qv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 90de83192847ae4a_a5b0xdfh.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\A5B0XDFH.txt |
| Size | 97.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | d1cd1e6a48d90ee77ff59cbec7147d81 |
| SHA1 | 167239485565c9e420349d59e2a21049cba7edfe |
| SHA256 | 90de83192847ae4ac61b59edc7f652ed9a3395ddacc0998c55d28178c2a3eefc |
| CRC32 | 9FF9F254 |
| ssdeep | 3:gxqKsajVJWkGVoyGTKvXv6NJApS3VSWGccvPRgvn:2wfGJk834DPiv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1d0282d7602159d4_logo-asp[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\logo-asp[1].png |
| Size | 9.4KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 120 x 58, 8-bit/color RGBA, non-interlaced |
| MD5 | f4f64524a8771cb50897b6a242310637 |
| SHA1 | 89c9550ca62ed3560d81012390b98c6db207e53c |
| SHA256 | 1d0282d7602159d4d54d642dd1a117f2b7dcf73a9b76c71934c486ac81143f66 |
| CRC32 | 76A653FE |
| ssdeep | 192:POK15SchbIV8Dxira+6VKzroBbcC+R8cofaiJ:P5/zDxi2/szrhLPiJ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 5792db79895259e0_recoverystore.{cd729e3b-4ad8-11ec-940e-94de278c3274}.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CD729E3B-4AD8-11EC-940E-94DE278C3274}.dat |
| Size | 4.5KB |
| Processes | 2304 (iexplore.exe) |
| Type | Composite Document File V2 Document, Cannot read section info |
| MD5 | 914fa063f3d4780a26cb22f21894514f |
| SHA1 | 0707145f9f44bf7d80b79e942c2bc7d2adfee46a |
| SHA256 | 5792db79895259e05d1303a7d1a28e5bfa2d0c1bb3630458da3137b2115d813f |
| CRC32 | B5ADB3F5 |
| ssdeep | 12:rlfF2ArEg5+IaCrI0F7+F2IxrEg5+IaCrI0F7ugQNlTqbax7MNlTqbax7K:rqA5/1A5/3QNlWVNlW |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 12c94c0fb5644994_danish.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\danish.ini |
| Size | 73.9KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | 5ba43d59f4a1c2037b4fabe874e281c5 |
| SHA1 | 2102ec50ee14f917294aa81198910b9348bc31ef |
| SHA256 | 12c94c0fb56449940aeb36963232dc2d375e2a54df91be89f2f096a6d027dc0a |
| CRC32 | 3CBD94BF |
| ssdeep | 1536:VRJ69Z5hzYkfSy/KBQRFxUhwmvZFRvWOUIp:ghpYpQRFxMxZHUC |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 954f347bd92320b6_F07HDEU2.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\F07HDEU2.txt |
| Size | 219.0B |
| Processes | 2436 (iexplore.exe) |
| Type | ASCII text |
| MD5 | 0d6d43051bac21251336fa059251c288 |
| SHA1 | fb0b077a255f212ad5cb6811f241cc439588498e |
| SHA256 | 954f347bd92320b655570b7f5b83f92b20b2507ac2d8efee60804438a04bc89f |
| CRC32 | B35AEE0E |
| ssdeep | 6:Q5a4bEKXMXpUiiVjlJKkEzNVjLGXF/LDJqE6GXMTVsUDeaXrPiv:QEKXMXOVjuFWXtDoyXMTVsuTDiv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f718238dd5a8a958_uninstall winthruster.lnk |
|---|---|
| Filepath | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster\Uninstall WinThruster.lnk |
| Size | 1.0KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Nov 21 05:39:07 2021, mtime=Sun Nov 21 05:39:07 2021, atime=Sun Nov 21 05:39:00 2021, length=3233853, window=hide |
| MD5 | d4edd31555b1e16acbb4d97158cb0261 |
| SHA1 | 347d242752f9e713ddbdb0c70a11ad7ed22ca033 |
| SHA256 | f718238dd5a8a958830a4135533b8eee264c7e2d8c0170b4ffb94f5bf19527d2 |
| CRC32 | 050F8CD0 |
| ssdeep | 12:8mDWoDAzIHm5Gdp8DCDmXHtN854SoiSjA6yMwrbdpYyZ+5m0bdpYyZwBNU94t2YR:8mDWOGodOEcfCuA6yM6dBg5xdBmUPPyJ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | d1d8daee7b1fd531_icon-large-tools[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\icon-large-tools[1].png |
| Size | 2.5KB |
| Processes | 2436 (iexplore.exe) |
| Type | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced |
| MD5 | 9fe4314527aed6411018b4a4f84985ac |
| SHA1 | 9f6a248455c62372b6043f052e54481a59a9b9f2 |
| SHA256 | d1d8daee7b1fd531ed52883434fbb6c5496fdced56a0eb7158d28bd70504756d |
| CRC32 | 6A24522A |
| ssdeep | 48:IqQvnLvnJJ3rSTE5jr6dUe8TIOle6Kr1XeWfVRRUnMlO9yZv3fv5i:pQT7So5H6uNIOl0r1VVRwMlBZPfk |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 8d1a0d3b43a0ca8b_finnish.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\finnish.ini |
| Size | 76.8KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | 0e1305f6818a65fcf5fc34d74addc114 |
| SHA1 | 248a000b75286ef72032468f13ccad47769bc95c |
| SHA256 | 8d1a0d3b43a0ca8b738b2920482113a4244b08a9b147809663d093565957781e |
| CRC32 | 32885D24 |
| ssdeep | 1536:WdCHxAtxzM1Uenhf2ssUV1jukUrtMOLWBsN+zLUvRiz+viRxjwu+Wz1IhIhj8x/Z:jxAtxo1Uenhf2ss+ukUrCOLesszyiz+R |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4e95a9cd85011657_winthruster.lnk |
|---|---|
| Filepath | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster\WinThruster.lnk |
| Size | 1.0KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Nov 21 05:39:07 2021, mtime=Sun Nov 21 05:39:07 2021, atime=Mon Oct 25 20:39:30 2021, length=8980296, window=hide |
| MD5 | 42b2219a22a62288d4e29fd91a04cef6 |
| SHA1 | 4ba535628ef165ca27d477094b66290b9e756778 |
| SHA256 | 4e95a9cd85011657434d6dc63393e6578c385a5dd66c6d76c2b65c4ba5decd18 |
| CRC32 | 78C0D568 |
| ssdeep | 12:8mDqkDls1dAzIHm5Gdp8DCDmXHtN81ytlD8CjEjA1yMwygYbdpYyZSTzm0bdpYyu:8mDgGodOEccwQA1yMRdBoxdBmUPPyd7f |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | c03249afafea0f59_german.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\german.ini |
| Size | 81.8KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | f0c4f402228cb5495d74cd25910ea91e |
| SHA1 | 8e5b7b000228c1e316be7dd6a5625d4d898b68da |
| SHA256 | c03249afafea0f591dbbd2d36e52cd233d95e0bbb243482249bca07a0f08c63a |
| CRC32 | 0C23D7FE |
| ssdeep | 1536:MM23Ov7Ii3sUfea9GnqBmVTLNsPdjPSOzVKH7olkZQMBay40bt7mZI2qMoq5ji:+e7IMGKGnhNsPlMH5dptb |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e3038c1f9f88b80f_ulist.txt |
|---|---|
| Filepath | c:\program files (x86)\winthruster\ulist.txt |
| Size | 18.4KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 0a98387bc136d528f220300db04a8f3c |
| SHA1 | 5fad82017a8c1c872a29b1899ee2a69fe46b775e |
| SHA256 | e3038c1f9f88b80fcd4e34a8999caa2073d010c2408391b5c8ce00f758be0206 |
| CRC32 | 2A0935A8 |
| ssdeep | 384:pr4hmymynKIZ+uCqeAycVmdads40C2w8GpWON5Sy4:primymYpkqefcVGads4J2w86N5Sy4 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 388a796580234efc__setup64.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-3C4UO.tmp\_isetup\_setup64.tmp |
| Size | 6.0KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | e4211d6d009757c078a9fac7ff4f03d4 |
| SHA1 | 019cd56ba687d39d12d4b13991c9a42ea6ba03da |
| SHA256 | 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95 |
| CRC32 | 2CDCC338 |
| ssdeep | 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1eb99a0adc233079_logo.bmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-3C4UO.tmp\logo.bmp |
| Size | 74.9KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | PC bitmap, Windows 3.x format, 455 x 56 x 24 |
| MD5 | 7fef26e0a5e0439dcd2a56d19284997a |
| SHA1 | 47b6549d24229bebb9c5a24f07911bf3d759dedd |
| SHA256 | 1eb99a0adc233079967170a139e565d92c6bfa628e3a6e57dbe220781233f338 |
| CRC32 | AA515FC6 |
| ssdeep | 96:pXH6fiqxDxAIXXxC8ohUcnRfsxUptO8txku68ukBFYwyqBLgKORgeEqUxAuvdQgy:lixHxcpKae8GFkLHJbvdP0sXIiqL9V |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 57a9b2de308cbe75_russian.ini |
|---|---|
| Filepath | c:\program files (x86)\winthruster\russian.ini |
| Size | 114.5KB |
| Processes | 2864 (Setup_WinThruster_2021.tmp) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | da26fdb165af5e494d2517be3c294fa0 |
| SHA1 | 3e74c63e7006b5f43738f359d0559042be6756f1 |
| SHA256 | 57a9b2de308cbe75e6fa921be85b70e9b4ce1026bfc030692dc89613648e0000 |
| CRC32 | 7C5689DB |
| ssdeep | 3072:5wV6mxncJ6bZvZToy6HDpj9bQ1/ghLzKi6kUvFNTrVGeftE3xQ7bsespGtg9MUsr:58xncJ6bZvZ8HDpj901/yLzKi6kUvdGE |
| Yara | None matched |
| VirusTotal | Search for analysis |